Authorization
In Planon Software Suite authorization is based on the principle of separating data and functionality. An administrator can therefore create:
• User groups, which can be used in two ways:
◦ To combine data and functional access
◦ To separate data and functional access
• Function profiles to specify the functionality (such as data fields, actions and status transitions) to be made available to certain users.
• Authorization filters to limit users to accessing specific data.
By linking a function profile and authorization filters to a user group you can determine the rights of the users of this particular user group.
Authorization filter | Funtion profile |
|---|---|
Access to data: | Access to functionality: |
• No access • Read-only access • Modify | • Fields • Status transitions • Actions |
When using this type of profile, the combination of user groups grants access to specific data. By linking users to multiple user groups, access to data is expanded.
Or, alternatively, you can separate functional access and data access by applying split role and data:
Authorization filter | Funtion profile |
|---|---|
Access to data: | Access to functionality: |
• No access • Read-only access • Modify | • Fields • Status transitions • Actions |
When using this profile, the combination of user groups grants specific access to data. When using authorization links, this type of combining profiles acts restricting as is explained in Separating data access and functional access.
For more information on the concepts used in Authorization, see Authorization concepts.